
How do I enable auditing on hpux?

 
常有慈悲心
Regular Advisor

How do I enable auditing on hpux?

How can I enable auditing on HP-UX 11i, to log who logs on and when, and what he does?
Jeff Schussele
Honored Contributor

Re: How do I enable auditing on hpux?

Hi,

Two things:

1) Create a *new* filesystem that mounts to /.secure - should be minimum 512 MB up to 4 GB or more - it depends on how much data you'll want to gather.
This is necessary because auditing on a "busy" system can create some *very* large files & you *don't* want to fill the root filesystem lest it bring the system to a screeching halt.

2) Then afterwards just go into SAM & then the Security section & click the Auditing icon & it will ask if you want to enable it - say yes & off you go.

After you see just how large - and how *fast* the files get created you can trim back just how much info it gathers - man audit for further details.

There's a heck of a lot of info that can be garnered - but only so much is actually relevant for any one site.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Biswajit Tripathy
Honored Contributor

Re: How do I enable auditing on hpux?

Jannik
Honored Contributor

Re: How do I enable auditing on hpux?

You could install trusted system, this link may give you some ideas:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=638058
jaton
Indira Aramandla
Honored Contributor

Re: How do I enable auditing on hpux?

Hi,

You can enable auditing on HP-UX using audsys as well.
Use audsys to start or halt the auditing system and set or display audit file information.
E.g.:
audsys -f (stops auditing and frees up your processors)
audsys -n (starts auditing)

# audsys -n -c <file> -s <cafs>

Whenever auditing is turned on, a "current" audit file is required and a "next" audit file (for backup) is recommended (see audsys(1M) and audomon(1M)). When the "current" audit file is full and the "next" audit file is available, the auditing system switches files automatically.

audsys allows the user to start or halt the auditing system, to specify the auditing system "current" and "next" audit files (and their switch sizes), or to display auditing system status information. This command is restricted to super-users.

The "current" audit file is the file to which the auditing system writes audit records. When the "current" file grows to its Audit File Switch (AFS) size, the auditing system switches to write to the "next" audit file. The auditing system switches audit files by setting the "current" file designation to the "next" file and setting the new "next" file to NULL. The "current" and "next" files can reside on different file systems.


IA
Never give up, Keep Trying
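
The two points raised in the replies above (keep audit files off the root filesystem, and give audsys both a "current" and a "next" file) can be checked before auditing is switched on. The script below is an added example, not code from any poster in this thread; the directory, the file names audfile1/audfile2 and the switch sizes in KB are assumptions, and it only prints the audsys command rather than running it.

```sh
#!/bin/sh
# Added example: preflight before "audsys -n". The defaults below are
# constructed assumptions, not values taken from the thread.
AUDIT_DIR=${AUDIT_DIR:-/.secure/etc}   # assumed directory for the audit files
CUR_KB=${CUR_KB:-200000}               # assumed switch size of "current" (KB)
NEXT_KB=${NEXT_KB:-200000}             # assumed switch size of "next" (KB)

# Mount point and free KB of the filesystem holding $1 (POSIX "df -P" layout).
mount_of() { df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $NF}'; }
avail_kb() { df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}'; }

# Judge the layout. Args: mount point, free KB, "current" KB, "next" KB.
# Prints one verdict line; returns 0 only when auditing can be switched on.
check_layout() {
    mnt=$1 free=$2 need=$(( $3 + $4 ))
    if [ -z "$mnt" ] || [ -z "$free" ]; then
        echo "FAIL: audit directory not found"; return 1
    fi
    if [ "$mnt" = "/" ]; then
        echo "FAIL: audit files would live on the root filesystem"; return 1
    fi
    if [ "$free" -lt "$need" ]; then
        echo "FAIL: ${free} KB free, ${need} KB needed for both files"; return 1
    fi
    echo "OK: ${mnt} has ${free} KB free for ${need} KB of audit data"
}

# Compose (do not execute) the audsys call: -c/-s name and size the "current"
# file, -x/-z the "next" file. The file names are assumptions.
audsys_cmd() {
    echo "audsys -n -c $1/audfile1 -s $2 -x $1/audfile2 -z $3"
}

# Report the verdict; add the command to run as root only when the check passes.
verdict=$(check_layout "$(mount_of "$AUDIT_DIR")" "$(avail_kb "$AUDIT_DIR")" \
    "$CUR_KB" "$NEXT_KB") && verdict="$verdict
run as root: $(audsys_cmd "$AUDIT_DIR" "$CUR_KB" "$NEXT_KB")"
echo "$verdict"
```
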